Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Building a resilient technology stack and operating model

Protecting business continuity has become complex due to global supply chains, and companies must consistently prepare for disruptions.

stack of interlocking wooden blocks

Consistent preparation is key

CIO with crossed arms looking right

Today, the ability to identify and respond to unexpected events and disruptions has become increasingly critical across so many dimensions — reputational, financial, regulatory, legal, health and safety — that it has risen at many organizations to the top of the corporate agenda.

While there are implications for every part of the enterprise, chief information officers have a foundational responsibility to build a resilient technology stack and IT operating model that can help their organization weather unexpected challenges to business continuity.

Easier said than done, of course, but following are seven concrete steps CIOs can take to make sure their tech stack and IT operating model have the resilience needed to perform under duress:

Chief information officers have a foundational responsibility to build a resilient technology stack and IT operating model
room filled with computer equipment and servers

 

The IT organization may want to standardize recovery plan documentation and store it in a location or system accessible during an outage.

1

Start by identifying those services and systems

critical to the business and its customers — as well as the people, locations and vendors that support those services and systems.

2

With that map in hand, identify and catalogue

all of the data elements, both at rest and in transit, required to keep the organization’s critical business operations humming.

3

Plan for complex and sophisticated attacks.

Plan, for example, for a ransomware attack in which data security is threatened, and large-scale recovery and restoration efforts may be needed, or for geopolitical developments that could disrupt a key vendor’s ability to deliver on its service level agreements.

4

In developing the IT operating model,

ensure that resilience is a foundational consideration during the planning, development, delivery, enhancement and maintenance of any new applications or systems introduced into the technology stack. This model should bring diverse parts of the enterprise — business, legal, risk and compliance, and all aspects of the IT organization, including cybersecurity — together with well-defined roles and responsibilities and clear handoff and escalation paths.

5

Digitize and automate resilience processes

through contemporary, market-leading platforms to improve recovery consistency and efficiency. For example, the IT organization may want to standardize recovery plan documentation and store it in a location or system accessible during an outage. Automate recovery testing, infrastructure and application recovery using scripting and tools. Use artificial intelligence for anomaly monitoring and detection.

6

Regularly test resilience and recovery systems

and processes to validate they can be relied upon. Training exercises should be frequent and robust, escalating in complexity as the organization matures and scenario driven — and not always announced ahead of time.

7

Include resilience requirements

in the company’s vendor management program, and hold critical vendors, including cloud service providers, to a higher standard of availability and recovery than less critical partners.

Trouble areas

team of people having a discussion in an office

As we work with clients across industries, we see a number of areas where organizations often stumble in their efforts to build a resilient technology stack and IT operating model.

One common mistake is to treat the challenge solely as a technology problem. By bringing their peers in the business into the planning process, CIOs can develop a resilience strategy that protects what is most important to the enterprise — without veering down digital alleys and byways that can sap resources and momentum. This at times may include the use of new systems or applications on an interim basis that require additional IT considerations.

In the same vein, organizations sometimes look to a specific tool as the solution to resilience. But individual tools — especially off-the-shelf varieties that can’t be highly tailored to your organization — may struggle to deliver what your business needs. Indeed, retrofitting existing platforms with bolt-on tools often fails to yield optimal results. CIOs can sidestep this problem by performing requirements gathering for a tool, ranking features from “must have” to “good to have” to “expendable” and then performing a market scan to identify the tools that can best meet those requirements.

Finally, too many organizations are not testing their recovery processes with enough rigor to prove that value chains can be quickly restarted following a disruption. A robust testing routine is the only way to make sure resilience measures that make sense on paper can truly be relied upon in the field.

If you’re concerned that your organization’s tech stack and IT operating model aren’t sufficiently resilient, take some time over the next few months to get answers. Define the risks to your business and the gaps in your current capabilities. Then, start building and executing against a delivery strategy to reduce resilience risk to an acceptable level.

A robust testing routine is the only way to make sure resilience measures that make sense on paper can truly be relied upon in the field.

Dive into our thinking:

Building a resilient technology stack and operating model

Download PDF

Explore more

Meet our team

At KPMG, we apply our extensive experience and deep domain knowledge every day to helping CIOs build modern IT organizations fit for tomorrow. To learn more about how we could help your business create a more resilient technology stack and IT operating model, contact us.

Image of David Tarabocchia
David Tarabocchia
Principal, CIO Advisory , KPMG US
Image of Paul Baguley
Paul Baguley
Principal, Advisory, KPMG US

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline